VS Code + Gemini Code Assist

Prerequisites

Before setting up MVS, ensure the following:

VS Code

• Download latest VS Code

Gemini Code Assist VS Code Extension

• Install the Gemini Code Assist extension from the VS Code Marketplace (Link)

Node.js

Ensure Node.js v18.20 or later is installed. The Mobb MCP server uses npx and requires a modern Node.js runtime.

node --version

If not installed or outdated, install via nodejs.org.

Step 1. Configure Mobb MCP Server

You can configure the MCP server either per workspace or globally.

Option A: Workspace-Level (.gemini/settings.json)

1. In your project root, create .gemini/settings.json:

This file can be committed to your repo and shared across your team.

Option B: Global Configuration

1. Open your Gemini settings JSON file, located at ~/.gemini/settings.json where ~ is your home directory (Mac/Linux) or %USERPROFILE%\.gemini\settings.json (Windows)

2. Add or update the MCP configuration as follows:

This allows you to reuse the same setup across all projects.

Step 2. Restart VS Code

After configuring the MCP server, restart VS Code to load the new configuration:

1. Close and reopen VS Code completely, or

2. Reload VS Code

   • Open Command Palette (Ctrl+Shift+P or Cmd+Shift+P)

   • Run Developer: Reload Window

Step 3. Verify Mobb MCP Integration

1. Open Gemini from the left navigation panel in VS Code

2. Toggle agent mode on in the Gemini chat window

3. Type /tools to see if Mobb tools are available

4. Type /mcp to see if Mobb MCP server is detected

If the configuration is successful, you'll see mobb-mcp tools available (such as scan_and_fix_vulnerabilities, fetch_available_fixes, and check_for_new_available_fixes).

Step 4. Use Mobb with Gemini Code Assist

1. Ensure Agent Mode is active. Then in the Gemini Code Assist chat, type:

3. Gemini will automatically use the Mobb tools when appropriate

4. On first-time setup, MVS will open a browser window to connect to the Mobb platform. You will be prompted to log in and authorize the IDE integration.

Deploying a Rulebook for Automated Security Scanning and Fixing

To ensure comprehensive security coverage in your development workflow, you should deploy a security-focused rulebook that mandates Mobb vulnerability scanning and fixing after every code change. In VS Code with Gemini Code Assist, this can be done by adding a file named .gemini/GEMINI.md at the root of your project or repository:

This rulebook enforces a mandatory security rule that requires:

• Automatic Mobb scanning and fixing after implementing any new features or making code changes

• Local fix rule creation for every vulnerability type discovered by Mobb

• Vulnerability prevention by building a library of security fix rules specific to your codebase

This security-first approach transforms your development workflow into a continuous security hardening process, where each vulnerability discovered becomes a permanent protection rule for future development.

Troubleshooting

• Validate node is available in the terminal by running node --version

• Check .gemini/settings.json for syntax or command errors

• Ensure Gemini Code Assist extension is properly installed and configured

• Verify that you're in agent mode when trying to use Mobb tools

• After you make changes to the MCP settings, you may need to restart VS Code

• For Gemini Code Assist specific issues, check the Google Cloud Code Assist Agent Mode Guide